chaospatterns
@chaospatterns@lemmy.world
- Comment on DeArrow is an open source browser extension for crowdsourcing better titles and thumbnails on YouTube. 2 weeks ago:
This is my biggest challenge with this extension. What’s clickbait to one person is not to another. Several times I’ve come across titles that get mangled when rewritten to lose key points. Or the image gets replaced with a random screen grab. There’s a difference between somebody doing the YouTube face and a title with “the craziest stunt you’ve ever seen” and an artist photo with a title saying the “a crazy stunt jump through a burning hoop”.
One person could still say “crazy” makes it clickbait, but having some adjectives are fine
- Comment on Microsoft donates the Mono Project to the Wine team 4 weeks ago:
Ah yeah. Mono didn’t support WPF, but Mono did support running WinForms apps natively on Linux without using Wine.
- Comment on Microsoft donates the Mono Project to the Wine team 5 weeks ago:
.net core is the future but Mono is still important for running legacy .net framework applications like ones that use WinForms or WPF. That’s pretty much it. Anything new should go straight to .net core.
- Comment on We finally know what caused the global tech outage - and how much it cost 2 months ago:
They could and clearly they should have done that but hindsight is 20/20.
- Comment on Home routing and encryption technologies are making lawful interception harder, Europol warns 2 months ago:
For those who aren’t aware. This is talking about when cell phones roam into other networks, they now encrypt the traffic back to the home provider which means law enforcement struggle to tap it (legally or illegally).
PET is privacy enhancing technologies
- Comment on Do I Need to Harden SSH over Tor? 5 months ago:
Accidentally typo your password and get blocked. And if you’re tunneling over tor, you’ve blocked 127.0.0.1 which means now nobody can login.
- Comment on Ticketek ‘glitch’ appears to re-sell fan’s $659 ticket for Taylor Swift concert — “They said, ‘someone else has it, we don’t know who, we can’t check or track who has your ticket’” 7 months ago:
Doubtful. TicketMaster is there to take the bad PR but was designed to get as many fees and funnel part of those fees to the artist. Yes TM has deals with Live Nation that basically force big artists to use them because they have the big stadiums, but Taylor Swift is a massive artist she has tons of lawyers and can negotiate fees.
As much as I love Taylor Swift, I have no doubt that she is massively benefiting from the high ticket prices.
- Comment on Help with NGINX? so close... 8 months ago:
I don’t fully understand what you’re saying, but let’s break this down.
Since you say you get an NGINX page, what does your NGINX config look like? What exactly does the NGINX “login page” say? Is it an error or is it a directory listing or something else?
- Comment on Microsoft lays hands on login data: Beware of the new Outlook 10 months ago:
It’s true that Mozilla does collect telemetry and that Mozilla Corp is for profit, however Mozilla Corp is owned by Mozilla Foundation. That ownership structure is either a way to get around limitations on non profits, or its an opportunity for the Foundation to directly influence the Corp to be better.
However, I’ll still use Firefox/Thunderbird because: Usage stats such as number of accounts or filters is in no way comparable to my username and password. One is basic metadata and stats, the other is a massive risk. You can opt out of the telemetry, the only way to opt out of sharing your password is to not use the new Outlook.
I take a more pragmatic approach to privacy based on my trust. I understand the value of telemetry, but change it depending on the company. Big Tech I have less trust in, Mozilla, while they have issues, are on average far better for privacy vs big tech.
As a developer, I understand the value of telemetry and the risks that come with collecting any data. I pick Firefox because it challenges the homogeney of Google’s influence and it looks like I’m going to pick Thunderbird because I’ haven’t seen a better option.
- Comment on LinkedIn user data leaked: Database shows emails, profile data, phones, full names, and more confidential info. 10 months ago:
That’s not because you have a wildcard. That’s because you need to implement DKIM, DMARC, and SPF records to prevent others from using your domain name to send mail.
- Comment on Unpacking Amazon's stealthy mass layoff strategy in Seattle 11 months ago:
Amazon corporate employees get RSUs which are stocks, not options. After the new hire RSUs go away, you end up with two vest dates a year and new comp offerings start the following year (so in 2024 you’ll see new money in 2025 plus a small base salary bump that goes in effect that month).
Tech salaries are frequently stock based, but Amazon’s is unusual in that it’s only twice a year, and bumps start the following year, and they recently made the change to do 2 year offers instead of 3 years.
- Comment on Docker containers can no longer communicate with the host's local network 1 year ago:
If you’re running Docker for servers not development, then you can make Hyper-V work. I used to do that before I got a separate Linux server.
Just setup a network adapter that gets bridged to your Ethernet adapter, then create a VM that uses that bridged adapter. The Linux VM will appear like its another computer on your LAN and you can use Docker with host Network.
- Comment on Google's Web DRM is Worse than I Thought... 1 year ago:
Attestation depends on a few things:
- The website has to choose to trust a given attestation provider. If Open Source Browser Attestation Provider X is known for freely handing out attestations then websites will just ignore them
- The browser’s self-attestation. This is tricky part to implement. I haven’t looked at the WEI spec to see how this works, but ultimately it depends on code running on your machine identifying when it’s been modified. In theory, you can modify the browser however you want, but it’s likely that this code will be thoroughly obfuscated and regularly changing to make it hard to reverse engineer. In addition, there are CPU level systems like Intel SGX that provide secure enclaves to run code and a remote entity can verify that the code that ran in SGX was the same code that the remote entity intended to run.
If you’re on iOS or Android, there’s already strong OS level protections that a browser attestation can plugin to (like SafetyNet.)
- Comment on Does self hosting an instance of a federated service, like lemmy, effectively act as a VPN for your account? 1 year ago:
What is your threat model or goal? It could hide the device you use to connect to the instance, however a lot of actions you do on Lemmy, including all upvotes, are public to other instances.